David in Office (2)In this second article, I’m looking at areas of possible confusion and ambiguities in ISO 9001 (2015). My first article can be found at ISO 9001: (2015) Initial Observations.

Among the definitions in section 3 in ISO 9001 (2015) is the definition of a management system which goes like this: “set of interrelated or interacting elements of an organisation to establish policies and objectives and processes to achieve those objectives”.  Hence a quality management system would appear to be a system that establishes quality policies and quality objectives and quality processes to achieve those quality objectives.  But when one reads this closely it reads as though the system only establishes policies, objectives and processes; it does not read as though the system includes the processes and if it doesn’t include the processes, what indeed are its outputs and outcomes?

If this is a correct interpretation it means that the management system is a governance or control system.  It imposes rules and controls on the result producing processes or operational processes.  This concept of a management control system would seem to align with Stafford Beer’s Virtual Systems Model in his book Brain of the Firm (1972) in which there is an Operational System and other systems that handle communications, policy, strategy and control.  Russ Ackoff refers to all of these other systems as a Management System in his book Creating the Corporate Future (Wiley 1981) but ISO 9001 falls far short of capturing all the elements to which these authors refer.

ISO 9001 portrays the QMS as containing both the management control processes and the operational processes  but then it introduces a requirement for the quality management system requirements to be integrated into the organization’s business process implying QMS processes are not business processes.  If the QMS consists of interrelated or interacting elements, this requirement suggests that the interaction is between the QMS processes and other processes rather than interaction among the processes of the QMS.

One important characteristic of a system is its boundary and within this boundary are interactions that produce outputs into the external environment and receive feedback from that environment. However, I think it will be generally understood that the outputs of the QMS are conforming goods and services and the outcomes are customer satisfaction and profitability for the organization but one would also expect these from the operational system.  These anomalies create confusion as to where the boundary of the QMS lies or indeed whether the QMS is a system at all but rather a collection of provisions that serve to control the organization’s business processes.  Perhaps ISO 9001 should simply be a set of requirements for managing quality and should abandon the idea that it prescribes requirements for a system as the standard does not yet embrace systems thinking.

Another issue is about the scope of the QMS.  It is not clear as to whether the scope of the QMS is the scope of the system for managing quality, or the scope of the system that aligns with the requirements of ISO 9001 because the two may be different as  ISO 9001 does not cover everything you need to do to manage quality.  

And then there is the scope of registration which is usually addressed on the ISO 9001 certificate.  Now if the scope of the QMS is limited to the scope of registration it will only include the core processes for providing goods and services to customers.   It will therefore leave out all the management and support processes which is a bit daft.    If the scope of the QMS is everything needed for managing quality you might be inviting auditors to audit aspects outside the scope of ISO 9001.

Since the 2000 version there has been a lot of confusion over “the process approach”. This justifies an article all by itself but here I will focus on some of the ambiguities that have arisen in the proposed new version.  In an attempt to reduce confusion there is now a section devoted to the process approach (what was formerly addressed in section 4.1).

There are several references to processes in connection with the quality management system.

  1. Processes needed for the quality management system (clause 4.4.2).
  2. Quality management system processes (6.1).
  3. Quality management system and its processes (7.1.5).
  4. Processes needed to meet requirements (8.1).
  5. Processes of the quality management system (8.3).

This raises the question as to what is a QMS process and how does it differ from other processes.  I have a respiratory system which needs oxygen but the oxygen production process is not a respiratory system process nor is it a process of my respiratory system or any other system in my body.  However, it is needed for my respiratory system to function as without it I would die.  So on this basis operational processes are needed for the QMS but are not part of the QMS.  Therefore, what the QMS processes are is unclear unless they are processes such as communication, management review, auditing, document control etc.

In fact I would go so far as to say the concept “processes needed by the quality management system” is flawed because there are no processes needed by the quality management system.  There are only business processes that contain provisions for managing quality.  All processes are the processes of the organization which function together to produce the organization’s outputs.  The phrase is often incorrectly interpreted as processes that sit alongside business processes.  This reveals another ambiguity as to what a quality management system is.

Does it matter, well it all depends because as there is now a requirement to apply the process approach to the QMS and there is a list of 10 requirements that constitute the criteria for judging whether or not the process approach has been applied.  It is going to be a very onerous task indeed if the organization has to apply this criteria to every one of its identified processes.  Hitherto most organizations won’t have performance indicators for every single process or have done a risk assessment or determined the resources needed.  They might have done so for the product realization processes but probably won’t have done so for their document control process, planning process, purchasing process, calibration process, communications process, management review process, and audit process.  So there could be a mad scramble to change all those procedures that were re-titled processes after the 1994 revision in 2000.

There is ambiguity and duplication on the subject of resources.  Requirements for resources are scattered all over the standard.  In 4.4.2f it presumably requires resources for “transforming inputs into outputs” and 6.2 presumably requires resources for achieving quality objectives but does it mean we include or exclude those required for “transforming inputs into outputs”?  Section 8.3 presumably requires resources for producing goods and services but are these the same as those required by 4.4.2f

The ambiguity is further complicated by section 7.1, which requires resources required for establishment, implementation, maintenance and improvement of the QMS to be determined.  How this is addressed rather depends upon what we think a QMS is.  If it is simply a system of control then it excludes the result producing activities so resourcing the QMS is not synonymous with resourcing the operational processes.  In reality, organisations don’t resource the QMS separately.  Budgets are prepared at department and divisional levels and consolidated and any resources needed for control are included so when considering resources it makes sense to think of the QMS as containing the totality of processes needed to determine and produce goods and services.

Section 6 addresses planning and one could be forgiven for thinking that this is strategic planning as it follows a section on leadership but when you read the requirements more closely you’ll find that it’s limited to planning quality management system processes.  In section 8, there is operational planning where once again there are requirements for planning processes and at the micro level the requirement for planning appears (1) in 4.4, (2) in 6.2, (3) in 8.2, (4) in 8.3 and (5) in 8.5.1.  There are indeed different levels of planning and it is to be hoped that the users can distinguish between them and avoid duplication when reading these requirements.

In section 4, it requires the needs and expectations of interested parties (stakeholders to you and me) to be determined.  Now as one of these parties is your customer, it appears that the standard now requires you to do this twice.  Once under section 4 and again under section 8 unless of course this applies only after a potential customer has expressed an interest in your products and services and unless the former requirement is about market research.  At a micro level the requirement for the determination of requirements appears (1) in 4.2b, (2) in 8.2.2 (3) in clause 8.3 and (4) 8.6.5 thus creating a little confusion.

The ambiguity over the determination of customer requirements once again raises questions about scope but this time about the scope of the standard.   As stated previously, the objective has not changed: the scope statement in ISO 9001:2015 is the same as that in ISO 9001:2008 which basically states that it applies when an organization needs to demonstrate its ability to consistently provide conforming product and aims to enhance customer satisfaction.

So does this mean it applies to all of the following?:

  • Suppliers searching for problems to be solved that may create business opportunities.
  • Customers with a problem to be solved for which suppliers propose solutions.
  • Customers with a solution looking for suppliers with a product or service to implement it.
  • Customers wanting suppliers to produce goods or services to customer specifications.
  • Customers placing orders for proprietary goods or services.

Now some might say ISO 9001 does not apply to (a) but if this is correct why then introduce the phrase “determination of market needs” in section 8.2?

Overall there are many good things about the revision, but there are also many issues to be resolved in subsequent drafts so it’s more like a curate’s egg – good in parts!

The idea of harmonising the structure and terminology in management system standards is appealing, but rather depends on whether you think we need all these management system standards.  Why not just have one management systems standard and use the scope statement to include or exclude aspects of an organisation’s performance.

It is inconceivable that any organisation would have a management system that did not ensure delivery of quality goods and services but it is conceivable that such systems may not address the natural environment, information security, health and safety etc where such matters do not present a serious risk to the business.  One unintended consequence of the harmonisation might be the proliferation of management systems standards.

There is much work to do on the draft to remove the ambiguities and bring clarity to the text so that users have no problem in understanding what it is their organisation needs to do to demonstrate it has the ability to consistently provide product that meets customer and regulatory requirements.  After all this is the objective of ISO 9001. Encountering a new requirement, some readers may be prompted to enquire as to how conformity with that requirement affects its ability to achieve this objective particularly when they have a QMS which has already been found to meet it. So if the objective has not changed what justification is there for changing the requirements? Could it be that the previous versions have all been inadequate or has the success criteria changed? If the introduction of the process approach in the 2000 version presented difficulties for third-party auditors, this new version will certainly create an even bigger challenge.


After a period in aircraft production and the merchant navy following which he qualified as a Chartered Engineer, David Hoyle spent the next 20 years in quality management with British Aerospace on spacecraft development and with Ferranti International on computer system development. Over the next 15 years he operated as a management consultant firstly with Neville Clarke Ltd and then as Director of Transition Support Ltd guiding large and small companies through their ISO 9001 programmes and delivering quality management and auditor training courses throughout the world. This provided a wealth of experience to enable David to begin sharing it with others and over the last 20 years he has published several books on quality management some of which have been translated by national standards bodies into Spanish, Italian, Swedish and Japanese. His ISO 9000 Quality Systems Handbook is now in its 6th edition.




  1. Two week ago i went to a Quality forum in Brazil where Brazil ASQ Fellow Evandro Lorentz did a presentation about the “future of quality”. Evandro advise is don´t be concerned about ISO9001:2015 yet. The norm is on Committee draft (CD) yet. It´s not DIS even a FDIS. I also think of it so early to think about ISO9001:2015.

    Well, on the other hand, we have this month also the Dr. Nigel H. Croft from ISO TC176/SC-2 lecturing about ISO9001:2015 and he is putting his concerns about the new… I think no great changes will be done, just some conceptions improvements based on ISO31000 risk.

Leave a Reply

Your email address will not be published. Required fields are marked *